HackTheBox Secured Transfer Challenge

Explore the basics of cybersecurity in the Secured Transfer Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/425

Description#

Ghosts have been sending messages to each other through the aether, but we can’t understand a word of it! Can you understand their riddles?

Exploitation#

#!/usr/bin/env python3
from Crypto.Cipher import AES
from scapy.all import *
import binascii

def decrypt_data(encrypted_data):
    key = b"supersecretkeyusedforencryption!"
    iv = b"someinitialvalue"
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted = cipher.decrypt(encrypted_data)
    return decrypted

def reconstruct_tcp_stream(pcap_file):
    streams = {}
    packets = rdpcap(pcap_file)
    for packet in packets:
        if TCP in packet and Raw in packet:
            if packet[TCP].dport == 1337:
                stream_id = f"{packet[IP].src}:{packet[TCP].sport}->{packet[IP].dst}:{packet[TCP].dport}"
            elif packet[TCP].sport == 1337:
                stream_id = f"{packet[IP].dst}:{packet[TCP].dport}->{packet[IP].src}:{packet[TCP].sport}"
            else:
                continue
            if stream_id not in streams:
                streams[stream_id] = b""
            streams[stream_id] += raw(packet[Raw])
    return streams

def process_stream(stream_data):
    try:
        if len(stream_data) < 8:
            return None
        length = int.from_bytes(stream_data[:8], 'little')
        if length > 0x1000 or length < 0xF:
            return None
        encrypted = stream_data[8:8+length]
        if len(encrypted) != length:
            return None
        decrypted = decrypt_data(encrypted)
        return decrypted
    except Exception as e:
        print(f"Error processing stream: {e}")
        return None

def main(pcap_file):
    print(f"[+] Reading {pcap_file}")
    streams = reconstruct_tcp_stream(pcap_file)
    print(f"[+] Found {len(streams)} TCP streams")
    for stream_id, stream_data in streams.items():
        print(f"[+] Processing stream: {stream_id}")
        decrypted = process_stream(stream_data)
        print(decrypted.decode('utf-8').strip())

if __name__ == "__main__":
    main("./trace.pcap")

Summary#

The Secured Transfer Challenge on Hack The Box is an easy-level reverse engineering puzzle that introduces network traffic analysis and AES decryption. Participants analyze a PCAP file to reconstruct a TCP stream, extract encrypted data, and decrypt it using a fixed AES key and IV. By leveraging tools like Scapy and the Crypto library, the challenge demonstrates how to reverse-engineer encrypted communications and uncover hidden messages. Ideal for beginners, it provides hands-on experience with network forensics and cryptographic analysis, offering a practical introduction to encryption reversal and data extraction.